Hyun

My work and me

About Me

Hello, my name is Hyun — I am a designer and technologist creating symbiotic relationships between information and people. I am currently working with researchers, engineers and designers at IBM Research in Yorktown Heights, New York.
If you have any questions or have something in mind for discussion, please don't hesitate to contact me.

IBM Security X-Force Exchange

IBM Security X-Force Exchange

SYNOPSIS: Software security vulnerabilities have always been documented in separate websites that specialize in a particular platform or vulnerability. IBM Security X-Force Exchange is a product designed for security analysts to monitor cyber attacks in near real time, report on software security vulnerabilities, and collaborate to discover, fix, and research issues with others.

Major Skills Applied

User Experience Support

Front-end Development Support

Ad-hoc Technology Interpreter

All projects at IBM Design are worked on and produced in teams. My specific contributions for X-Force Exchange were mainly on technology research, future designs, and giving a hand on front-end development.

Problem

NOMAD is the word that comes to mind for all the security resource websites. A lot of resources specialize in a specific set of vulnerabilities, focusing on particular use cases on how the vulnerability could be used; this results in an inadequate context for the security analyst to grasp how the vulnerability could be applied to their organization. The job responsibilities of our users requires gathering as much information as possible regarding cyber security threats that could cause harm to their company.

The personas below were crafted by the involved designers and researcher from banking and enterprise IT companies in North America and Western Europe. The data gathered to create these personas involved shadowing and interviewing current as well as prospective clients.

Security Analyst

Working in a larger company this user is in charge of gathering new threats as well as researching documented threats that are relevant to their organization. They research using websites as well as a suite of other security tools.

Pain 1: Researching on a particular indicator of compromise from multiple sources

Pain 3: No way to collaborate with other security analysts in or outside the company

Pain 4: Trying to get caught up with the latest and trending security threats that are relevant to the security analyst's setting

A community-based, threat-intelligence system can bring many advantages to the table compared to separate resources. When working in a community, one may bring insight to each software vulnerability using collaboration as a tool itself in order to surface more attack vectors. With additional insight and information, such discussions have a possibility of surfacing additional vulnerabilities and zero-day attacks.

1. Research on trending threats

2. Collaborate and contribute

3. Repeat

A pretty basic but widely used research method is expected from the users of X-Force who wish to collaborate on security issues.

Process

REFRESHER: At IBM it is widely known that the development team loves to use Java wherever they can. With this product team however, newer technologies like Angular, NodeJS, and NoSQL were used to create the product. The design team quickly became an advocate of using X-Force Exchange as a role model for writing new code and using new technologies. The design team and development team worked closely to turn problems into opportunistic design ideas and iterate them using potential customer feedback as well as research data. The main production teams were as follows...

Liz, Design Lead :: UX and Visual

Oen, Visual Designer

Cameron, Motion and Visual Designer

Blake, Visual Designer

Allison, Visual and Content Designer

Patrick, UX Designer and Researcher

Danny, Front-end Developer

Hyun, UX Designer and Technologist

Development Team

Product Management

During the design and development production phase lasting a year, the original designs and prototypes were followed by the development teams, however, a lot of minor details were left out in the final production code. Upon initial release some animations and specific micro interactions were left out. The design team has worked extensively with the development team (located both overseas and intrastate) to implement the correct designs in the product, by providing more specific examples and code.